Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12108 | 1 Dropbox | 1 Lepton | 2018-07-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. | |||||
| CVE-2017-7783 | 1 Mozilla | 1 Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7762 | 2 Mozilla, Redhat | 4 Firefox, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. | |||||
| CVE-2017-5450 | 1 Mozilla | 1 Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53. | |||||
| CVE-2016-9065 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-5294 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2018-07-30 | 2.1 LOW | 5.5 MEDIUM |
| The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-5293 | 3 Debian, Microsoft, Mozilla | 4 Debian Linux, Windows, Firefox and 1 more | 2018-07-30 | 2.1 LOW | 5.5 MEDIUM |
| When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | |||||
| CVE-2016-5292 | 1 Mozilla | 1 Firefox | 2018-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-5291 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-07-30 | 4.9 MEDIUM | 5.5 MEDIUM |
| A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2018-12492 | 1 Phpok | 1 Phpok | 2018-07-27 | 6.4 MEDIUM | 7.5 HIGH |
| PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | |||||
| CVE-2018-12046 | 1 Dedecms | 1 Dedecms | 2018-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. | |||||
| CVE-2017-17171 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, P9 and 3 more | 2018-07-27 | 6.3 MEDIUM | 4.2 MEDIUM |
| Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. | |||||
| CVE-2018-12065 | 1 Creatiwity | 1 Witycms | 2018-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file. | |||||
| CVE-2018-12041 | 1 Mediatek | 2 Awus036nh, Awus036nh Firmware | 2018-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. | |||||
| CVE-2018-11518 | 1 Hcltech | 2 Legacy Ivr, Legacy Ivr Firmware | 2018-07-20 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | |||||
| CVE-2018-11678 | 1 Monstra | 1 Monstra Cms | 2018-07-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. | |||||
| CVE-2018-11548 | 1 Block | 1 Eos | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. | |||||
| CVE-2014-9746 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2018-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | |||||
| CVE-2018-4250 | 1 Apple | 1 Iphone Os | 2018-07-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. | |||||